<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
MITRE's implementation has been live on our public server for nearly
a year now, and a number of other groups have used the MITREid
Connect open source project in their own deployments. <br>
<br>
-- Justin<br>
<br>
<div class="moz-cite-prefix">On 06/15/2013 02:53 AM, Torsten
Lodderstedt wrote:<br>
</div>
<blockquote
cite="mid:2ADBCB59-669A-4E9E-B5ED-CBBC129F0F17@lodderstedt.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div>Deutsche Telekom's implementation is available in production
since last Wednesday.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Torsten.</div>
<div><br>
Am 13.06.2013 um 18:32 schrieb Brian Campbell <<a
moz-do-not-send="true"
href="mailto:bcampbell@pingidentity.com">bcampbell@pingidentity.com</a>>:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">Also, FWIW, Ping Identity's initial OpenID
Connect product support went from just "announced" to
actually "generally available" yesterday.<br>
<br>
<a moz-do-not-send="true"
href="https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050">https://www.pingidentity.com/about-us/press-release.cfm?customel_datapageid_1516=70050</a><br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Thu, Jun 13, 2013 at 10:26 AM,
Nat Sakimura <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sakimura@gmail.com" target="_blank">sakimura@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div>Not Amazon yet. They are waiting for us. Paypal,
yes. <br>
<br>
=nat via iPhone</div>
<div><br>
Jun 14, 2013 1:19、Mike Jones <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>>
のメッセージ:<br>
<br>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Yes.
Updated below…</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">To:
<a moz-do-not-send="true"
href="mailto:jose-chairs@tools.ietf.org"
target="_blank">jose-chairs@tools.ietf.org</a>;
<a moz-do-not-send="true"
href="mailto:oauth-chairs@tools.ietf.org"
target="_blank">
oauth-chairs@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Cc:
<a moz-do-not-send="true"
href="mailto:iesg@ietf.org"
target="_blank">iesg@ietf.org</a>; <a
moz-do-not-send="true"
href="mailto:draft-ietf-oauth-json-web-token@tools.ietf.org"
target="_blank">
draft-ietf-oauth-json-web-token@tools.ietf.org</a>; <a
moz-do-not-send="true"
href="mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org"
target="_blank">
draft-ietf-jose-json-web-encryption@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Subject:
Liaison statement from OpenID Foundation
to IETF on JWT and JOSE</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on behalf of the OpenID Connect
Working Group, in the OpenID Foundation.
We have been working for three years on
specifying this identity-federation
protocol. Our specifications have
reached stability (what we call
“Implementer’s Drafts”) and we
anticipate a final vote and approval in
the coming months. We’re confident
approval will be forthcoming since
OpenID Connect is already in production
at Google and Amazon, a product has been
announced by Ping Identity, a JWT
product has shipped from Microsoft, and
we expect numerous OpenID Connect and
JWT deployments in the coming months.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is dependent on the JSON Web Token
(JWT) and the JSON Object Signing and
Encryption (JOSE) specifications,
products of the IETF OAuth and JOSE
working groups. JWTs have been stable
for some time, and code to parse and
validate them is widely available in
libraries for popular programming
languages. However, progress towards an
RFC in JOSE seems slow, which is holding
up the JWT RFC in OAuth, and we do not
have a clear feeling when this work is
likely to complete. As chartered, the
JOSE documents were to have gone to
working group last call a year ago and
this still has not happened.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not practical for our membership to
wait indefinitely, and thus our most
likely course of action will be to take
dependencies
on draft-ietf-oauth-json-web-token-08
and the -11 versions of the JOSE
specifications or subsequent versions
that are compatible with them when the
time comes to publish our final
specifications. It would obviously be
preferable for the JWT and JOSE RFCs to
be completed in a timely fashion
instead.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to your attention simply
because if some other organization were
planning to lock in a dependency on one
of our earlier drafts, we’d like to hear
about it.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">--
Tim Bray for the OpenID Connect Working
Group and the OpenID Foundation</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Brian Campbell [<a
moz-do-not-send="true"
href="mailto:bcampbell@pingidentity.com"
target="_blank">mailto:bcampbell@pingidentity.com</a>]
<br>
<b>Sent:</b> Thursday, June 13, 2013
9:13 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> Tim Bray; <<a
moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">openid-specs-ab@lists.openid.net</a>><br>
<b>Subject:</b> Re: [Openid-specs-ab]
Draft note to IETF</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">"<span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">were
have gone" -> "were to have gone"
... ?</span></p>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On Thu, Jun 13,
2013 at 9:30 AM, Mike Jones <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>>
wrote:</p>
<div>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tim
– a slightly revised note
follows. The working group
agreed for you to circulate it
privately to insiders for
feedback. We also need to run
this by the board before
formally sending it, since it’s
speaking on behalf of the
foundation. If you can let us
know what kinds of informal
feedback you receive, that would
be great.</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
-- Mike</span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">To:
<a moz-do-not-send="true"
href="mailto:jose-chairs@tools.ietf.org"
target="_blank">jose-chairs@tools.ietf.org</a>;
<a moz-do-not-send="true"
href="mailto:oauth-chairs@tools.ietf.org"
target="_blank">oauth-chairs@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Cc:
<a moz-do-not-send="true"
href="mailto:iesg@ietf.org"
target="_blank">iesg@ietf.org</a>;
<a moz-do-not-send="true"
href="mailto:draft-ietf-oauth-json-web-token@tools.ietf.org"
target="_blank">
draft-ietf-oauth-json-web-token@tools.ietf.org</a>; <a
moz-do-not-send="true"
href="mailto:draft-ietf-jose-json-web-encryption@tools.ietf.org"
target="_blank">
draft-ietf-jose-json-web-encryption@tools.ietf.org</a></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Subject:
Liaison statement from OpenID
Foundation to IETF on JWT and
JOSE</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on behalf of the OpenID
Connect Working Group, in the
OpenID Foundation. We have been
working for three years on
specifying this
identity-federation protocol.
Our specifications have reached
stability (what we call
“Implementer’s Drafts”) and we
anticipate a final vote and
approval in the coming months.
We’re confident approval will
be forthcoming since OpenID
Connect is already in production
at Google, a product has been
announced by Ping Identity, a
JWT product has shipped from
Microsoft, and we expect
numerous OpenID Connect and JWT
deployments in the coming
months.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is dependent on the JSON
Web Token (JWT) and the JSON
Object Signing and Encryption
(JOSE) specifications, products
of the IETF OAuth and JOSE
working groups. JWTs have been
stable for some time, and code
to parse and validate them is
widely available in libraries
for popular programming
languages. However, progress
towards an RFC in JOSE seems
slow, which is holding up the
JWT RFC in OAuth, and we do not
have a clear feeling when this
work is likely to complete. As
chartered, the JOSE documents
were have gone to working group
last call a year ago and this
still has not happened.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not practical for our
membership to wait indefinitely,
and thus our most likely course
of action will be to take
dependencies
on draft-ietf-oauth-json-web-token-08
and the -11 versions of the JOSE
specifications or subsequent
versions that are compatible
with them when the time comes to
publish our final
specifications. It would
obviously be preferable for the
JWT and JOSE RFCs to be
completed in a timely fashion
instead.</span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to your attention
simply because if some other
organization were planning to
lock in a dependency on one of
our earlier drafts, we’d like
to hear about it.</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">--
Tim Bray for the OpenID Connect
Working Group and the OpenID
Foundation</span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">openid-specs-ab-bounces@lists.openid.net</a>
[mailto:<a
moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">openid-specs-ab-bounces@lists.openid.net</a>]
<b>On Behalf Of </b>Brian
Campbell<br>
<b>Sent:</b> Thursday, June 13,
2013 6:30 AM<br>
<b>To:</b> Tim Bray<br>
<b>Cc:</b> <<a
moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">openid-specs-ab@lists.openid.net</a>><br>
<b>Subject:</b> Re:
[Openid-specs-ab] Draft note to
IETF</span></p>
<div>
<div>
<p class="MsoNormal"> </p>
<div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">While
somewhat esoteric, it's
probably important in
this context to be
accurate about the
various documents and
the WGs that are
responsible for them.</p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt">Though
JWT does depend heavily on
JOSE work, it itself isn't
a JOSE WG item. Rather it
is a product of the OAUTH
WG<span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">
and, as such, asking the
JOSE WG to do anything
with JWT doesn't make a
lot of sense.</span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">The
broader issue remains
though and I support the
Connect group providing
some encouragement to the
IETF towards progressing
the dependencies. But we
probably need to
acknowledge that even
within the IETF the
document and WG
relationships are somewhat
complicated by
dependencies.</span></p>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
</div>
</div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> </p>
<div>
<p class="MsoNormal">On Wed,
Jun 12, 2013 at 3:00 PM,
Tim Bray <<a
moz-do-not-send="true"
href="mailto:tbray@textuality.com"
target="_blank">tbray@textuality.com</a>>
wrote:</p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">This
should go to the JOSE
WG chair, the ADs for
that area, and the
IESG</span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">I’m
writing on behalf of
the OpenID Connect
Working Group, in
the OpenID
Foundation. We have
been working for
<insert-time-period>
on specifying this
identity-federation
protocol. Our
specifications have
reached stability
(what we call
“implementor’s
draft”) and we
anticipate a final
vote and approval in
the coming months.
We’re confident
approval will be
forthcoming since
OIDC is already in
production at
Google,
<insert-other-deployments>
and we expect
deployments at
<insert-other-predictions>.</span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Our
work is dependent on
JWT, a product of
the IETF “jose”
working group. JWTs
have been stable for
some time, and code
to parse and
validate them is
widely available in
libraries for
popular programming
languages. However,
progress towards an
RFC in jose seems
slow, and we do not
have a feeling when
this work is likely
to stabilize.</span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">Unfortunately,
it’s not practical
for our membership
to wait, and thus
our most likely
course of action
will be to take a
dependency
on draft-ietf-oauth-json-web-token-08
when the time comes
to publish our
specification. </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">We
bring this to your
attention simply
because if some
other organization
were planning to
lock in a dependency
on one of our
earlier drafts, we’d
like to hear about
it. </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222"> </span></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#222222">[I’m
going to
unofficially run
this by some of my
IETF-insider
contacts, but
thought I should
sanity-check the
content here first]</span></p>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-ab mailing
list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</div>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Openid-specs-ab mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Openid-specs-ab mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a></span><br>
<span><a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></span><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</body>
</html>